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MEMORANDUM FOR: Mr. Hugh Montgomery 

Director, Bureau of Intelligence of Research 
Department of State 



Director, DCl*s Computer Security (C0MPUSEC) Project 

SUBJECT: Final Report of COMPUSEC Assessment of the 

State 1NR Automated Information System 


1. Attached are three copies of the DC1 -sponsored Computer Security 
(COMPUSEC) Project Team's assessment of the security of the 1NR automated 
information system. One of the copies is bound and includes the PCI Direc tives 

25X1 and 0 ther pertinent documents which are identified in Appendix 111. 

25X1 2. As you recall, the COMPUSEC Project Team, under the direction of[ . . 

25X1 performed an initial assessment of your system in November 1983 and 

then began a more refined and detailed security analysis of the system in 
March 1984. Drafts of this report of the assessment were sent to appropriate 
1NR personnel and to Peter Kurtz, the systems programmer for the 1NR system. 

Based on their concerns with some of the findings in our report, 1 25X1 

and his COMPUSEC Project Team modified earlier drafts and brought in highly 
technically qualified experts who explained our concerns to your 
representatives. They were Dr. Lara Baker, Los Alamos National Lab (LANL) and 

25X1 h. o. Lubbes, Naval Electronics Command. 
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APPENDIX 111 


Copies of: 


o NF1B/NF1C-9. 1/47, US Intelligence Community Physical Security 
Standards for Sensitive Compartmented Information Facilities 

o DC ID 1/7 - Control of Dissemination of Intelligence Information 

o DCID 1/14 - Minimum Personnel Security Standards and Procedures 

Governing Eligibility for Access to Sensitive Compartmented 
Information 

o DCID 1/16 - Security Policy on Intelligence Information in Automated 
Systems and Networks 

o DCID 1/19 - Security Policy for Sensitive Compartmented Information 

o CIA DDO message dated 24 oily 1984, Subjects: (1) Concern Regarding 
Protection of Information in Computerized Data Banks, and (2) 
Procedures for Handling “EXCLUSIVE FOR" Disseminations 
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